IN THE CLAIMS: 



1 1 . (Previously presented) A service provider system for 

2 implementing changes in the security of a plurality of customer 

3 systems with a first subsystem (1 ) that does not have data as to the 

4 system characteristics of individual customer systems, comprising: 

5 means for providing activation tokens (6. 7, 8) to be transmitted to at 

6 least two customers with a second subsystem (2) for receiving said 

7 activation tokens, said means for providing activation tokens (6, 7, 

8 8) including means for providing activation information (7) and 

9 means for naming of system characteristics of a plurality of second 

10 subsystems in machine readable and filterable manner (6). wherein 

11 the relevance of said activation information to said second 

12 subsystem (2) can be determined by said second subsystems 

13 checking whether said second subsystem (2) has characteristics 

14 corresponding to said naming of said activation token, so that 

15 receipt by a customer system of an activation token does not 

16 indicate whether that token is relevant to the second subsystem of 

17 that customer. 
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2. (previously presented) Service provider system as claimed in 
claim 1 , wherein said means for providing activation tokens (6, 7, 8) 



3 include cryptographic means (8) for encrypting the activation tokens 

4 and signing means for producing a verification information to be 

5 verified by said second subsystem (2) of said customer. 

1 3. (previously presented) A customer system with a second 

2 subsystem (2) for receiving activation tokens, including both tokens 

3 relevant to said customer system and tokens not relevant to said 

4 customer system, provided by a service provider with a first 

5 subsystem that does not have data as to the system characteristics 

6 of individual customer systems, for implementing changes in the 

7 security of said customer system (1 ), said activation tokens 

8 including activation information and naming of system 

9 characteristics in machine readable and filterable manner, 

10 said second subsystem (2) comprising: 

11 receiving means (1 1 ) for controlling said receiving of said activation 

12 tokens, 

13 checking means (1 2) for automatically determining whether said 

14 activation information is relevant for said second subsystem (2) by 

15 checking whether said second subsystem (2) has characteristics 
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corresponding to said naming of an activation tol<en, and 
transforming means (13) for transforming relevant activation 
information into at least one activation measure for said second 
subsystem (2) that implements a change in the security of said 
customer system. 

4. (previously presented) Customer system as claimed in claim 
3, wherein said receiving means (1 1) include cryptographic means 
for verifying said service provider as being the provider of said 
activation token and admitting means for controlling whether said 
service provider is legitimated to send activation tokens to said 
customer. 

5. (original) Customer system as claimed in claim 3, wherein 
said transforming means (13) include at least one set of filter 
parameters to enable transforming of said relevant activation 
information into at least one acceptable activation measure. 

6. (previously presented) Customer system as claimed in claim 
3, wherein said second subsystem (2) includes implementation 
means (14) for automatically implementing at least one activation 
measure and reporting implemented activation measures. 



7. (canceled) 



8. (canceled) 



1 9. (previously presented) Customer system as claimed in claim 

2 3, wherein said receiving means (1 1 ), checking means (12) and 

3 transforming means (13) of said second subsystem (2) are part of 

4 an apoptosis system realized by at least one means out of the 

5 group of a daemon, a kernel module, an initab, an inetd, tcp- 

6 wrapper, a rpcbind, a resource manager, a network management, 

7 and a hardware device. 

1 10. (previously presented) A system for supplying activation 

2 information to a subsystem, said system comprising: 

3 a service provider with a first subsystem (1 ) that does not have 

4 data as to the system characteristics of individual customer 

5 systems, for providing activation tokens for implementing changes 

6 in the security of a plurality of customer systems to at least two 

7 customers with a second subsystem (2) for receiving said activation 

8 tokens including both tokens relevant to said customer system and 

9 tokens not relevant to said customer system, said activation tokens 

10 including activation information and naming of system 
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1 1 characteristics of a plurality of second subsystems in macliine 

12 readable and filterable manner, wherein said second subsystem (2) 

13 comprises receiving means (1 1 ) for controlling said receiving of said 

14 activation tokens, checking means (12) for automatically 

15 determining whether said activation information is relevant for said 

16 second subsystem (2) by said second subsystem checking whether 

17 said second subsystem (2) has characteristics corresponding to 

18 said naming of an activation token, so that receipt by a customer 

19 system of an activation token does not indicate whether that token 

20 Is relevant to the second subsystem of that customer, and 

21 transforming means (1 3) for transforming relevant activation 

22 information into at least one activation measure for said second 

23 subsystem (2). 

1 11. (previously presented) System as claimed in claim 10, 

2 wherein said receiving means (1 1 ) include cryptographic means for 

3 verifying said service provider as being the provider of said 

4 activation token, and wherein said receiving means (1 1 ) include 

5 admitting means for controlling whether said service provider is 

6 legitimated to send activation tokens to said customer. 
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1 12. (original) System as claimed in claim 10, wherein said 

2 transforming means (1 3) include at least one set of filter parameters 

3 to enable transforming of said relevant activation information into at 

4 least one acceptable activation measure. 

1 13. (original) System as claimed in claim 10, wherein said 

2 second subsystem (2) includes implementation means (14) for 

3 implementing at least one activation measure. 

1 14. (original) System as claimed in claim 13, wherein said 

2 implementation means (14) include at least ane reporting means for 

3 reporting implemented activation measures. 

1 15. (original) System as claimed in claim 10, wherein said 

2 naming includes the specification of a version, platform and a 

3 configuration corresponding to said second subsystem (2). 

1 16. (previously presented) System as claimed in claim 1 0, 

2 wherein said receiving means (11), checking means (12) and 

3 transforming (1 3) means of said second subsystem (2) are part of 

4 an apoptosis system realized by at least one means out of the 

5 group of a daemon, a kernel module, an inittabo an inetd, tcp- 
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6 wrapper, a rpcbind. a resource manager, a network management, 

7 and a hardware device. 

17. (original) System as claimed in claim 13, wherein said 
system is reducing the vulnerability of said second subsystem (2) by 
automatically implementing activation measures at said second 
subsystem(2). 



1 18. (original) A method for providing activation information by a 

2 service provider with a first subsystem (1 ) to a customer with a 

3 second subsystem (2) comprising the step of: 

4 providing activation tokens by said service provider, wherein said 

5 activation tokens include readable activation information and 

6 naming of corresponding system characteristics in machine 

7 readable and filterable manner. 

1 19. (Canceled) 

2 20. (Canceled) 

3 21 . (previously presented) A method for using activation 

4 information for implementing changes in the security of a plurality of 
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5 customer systems by a customer with a second subsystem (2), 

6 said activation information being provided by service provider with a 

7 first subsystem (1 ) that does not have data as to the system 

8 characteristics of individual customer systems, to at least two 

9 customers in the form of activation tokens including said activation 

10 information and naming of corresponding system characteristics of 

11 a plurality of second subsystems in machine readable and filterable 

12 manner, said method comprising the steps of: 

13 receiving both relevant and non-relevant activation tokens by said 

14 second subsystem (2), automatically determining whether said 

15 activation information is relevant for the second subsystem (2) by 

16 automatically checking by said second subsystem (2) whether said 

17 second subsystem (2) has characteristics corresponding to said 

18 naming of an activation token, so that receipt by a customer system 

19 of an activation token does not indicate whether that token is 

20 relevant to the second subsystem of that customer and transforming 

21 relevant activation information into at least one activation measure 

22 for said second subsystem(2). 

1 22. (previously presented) Method as claimed in claim 21 , further 

2 comprising the step of verifying at said second subsystem (2) 
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3 whether said service provider is legitimated to send activation 

4 tokens to said customer. 

1 23. (original) Method as claimed in claim 21 , wherein said 

2 transforming includes filtering of said activation information by at 

3 least one set of filter parameters to get at least one acceptable 

4 activation measure. 

1 24. (previously presented) Method as claimed in claim 21 , further 

2 comprising the step(s) of implementing at least one activation 

3 measure and reporting implemented activation measures. 

1 25. (previously presented) Method as claimed in claim 21, 

2 wherein said checking by said second subsystem (2) includes 

3 checking whether said second subsystem (2) has a version, 

4 platform or configuration corresponding to said naming of an 

5 activation token. 

1 26. (original) Method as claimed in claim 21 , further comprising 

2 a step of automatically implementing at least one activation 

3 measure to said second subsystem (2). 
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27. (previously presented) Method as claimed in claim 26, further 
comprising the step of automatically implementing at least one 
activation measure leads to a reduction of vulnerability of said 
second subsystem (2) and enables a shutdown of a service of said 
second subsystem (2). 

28. (currently amended) A computer program comprising 
program code means for performing the method of claim 21 when 
said program is run on a computer. 

29. (previously presented) A computer program product 
comprising program code means stored on a computer readable 
medium for performing the method of claim 21 when said program 
is run on a computer. 
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